<?php

define('IN_ECS', true);

require(dirname(__FILE__) . '/includes/init.php');
require(ROOT_PATH . 'includes/lib_payment.php');
require(ROOT_PATH . 'includes/lib_order.php');

$payment    = get_payment('payease');
 
$v_oid = $_REQUEST['v_oid'];
$v_pstatus = $_REQUEST['v_pstatus'];
$v_pstring = $_REQUEST['v_pstring'] = iconv( 'gb2312','utf-8', $_REQUEST['v_pstring']);
// $v_pmode = urldecode($_REQUEST['v_pmode']);
$v_pmode = $_REQUEST['v_pmode'] = iconv( 'gb2312','utf-8', $_REQUEST['v_pmode']);
$v_amount = $_REQUEST['v_amount'];
$v_moneytype = $_REQUEST['v_moneytype'];
$v_md5info = $_REQUEST['v_md5info'];
$v_md5money = $_REQUEST['v_md5money'];
$v_sign = $_REQUEST['v_sign'];
$v_count = $_REQUEST['v_count'];
$v_mac = $_REQUEST['v_mac'];
$MD5Key = $payment['cappay_key'];

$log = '【'.date('Y-m-d H:i:s').'】后台'.json_encode($_REQUEST, JSON_UNESCAPED_UNICODE).PHP_EOL;
file_put_contents(ROOT_PATH.'log/pay_log.txt', $log,FILE_APPEND | LOCK_EX);

$sp = '|_|';
$a_oid = explode($sp, $v_oid);
$a_pmode = explode($sp, $v_pmode);
$a_pstatus = explode($sp, $v_pstatus);
$a_pstring = explode($sp, $v_pstring);
$a_amount = explode($sp, $v_amount);
$a_moneytype = explode($sp, $v_moneytype);

$data1 = $v_oid.$v_pmode.$v_pstatus.$v_pstring.$v_count;
$mac = payease_md5($MD5Key, $data1);

$data2 = $v_amount.$v_moneytype;
$md5money = payease_md5($MD5Key, $data2);



if($mac == $v_mac or $md5money == $v_md5money)
{
	echo("sent");
	for($i=0;$i<$v_count;$i++)
	{
		if($a_pstatus[$i]=='1')
		{
			$v_tempdate = explode('-', $a_oid[$i]);
			$order_id = $v_tempdate[3];
			$sql = "SELECT order_sn FROM ".$GLOBALS['ecs']->table('order_info')." WHERE order_id='$order_id'";
			$order_sn = $GLOBALS['db']->getOne($sql);
			/* 改变订单状态 */
			// 			order_paid($order_id);
			$sql = "UPDATE ".$GLOBALS['ecs']->table('order_info').
			" SET pay_status = ".PS_PAYED.", ".
			" pay_time = '".gmtime()."', ".
			" money_paid = order_amount, " .
			" order_amount = 0 ".
			" WHERE order_id=".$order_id;
			$GLOBALS['db']->query($sql);

			/* 记录订单操作记录 */
			order_action($order_sn, OS_CONFIRMED, SS_UNSHIPPED, PS_PAYED, $note, $GLOBALS['_LANG']['buyer']);

			/* 0204 计算未支付订单的行邮税 */
			// 			calculate_all_post_tax($_SESSION['user_id']);

			/* 0308 商品冻结数 */

			add_goods_frozen($order_id);
				
			/* 删除支付成功的二维码 */
			$filename = ROOT_PATH.'images/qrcode/'.$a_oid[$i].'.jpg';
			if (file_exists($filename)){
				@unlink($filename);
			}
			$filename = ROOT_PATH.'mobile/images/qrcode/'.$a_oid[$i].'.jpg';
			if (file_exists($filename)){
				@unlink($filename);
			}
		}
		else if($a_pstatus[$i]=='3')
		{
			$log = '【'.date('Y-m-d H:i:s').'】['.$a_oid[$i].']后台支付被拒绝'.json_encode($a_pstring[$i], JSON_UNESCAPED_UNICODE).PHP_EOL;
			file_put_contents(ROOT_PATH.'log/pay_log.txt', $log,FILE_APPEND | LOCK_EX);
		}
		else
		{
			$log = '【'.date('Y-m-d H:i:s').'】['.$a_oid[$i].']后台'.json_encode($a_pstring[$i], JSON_UNESCAPED_UNICODE).PHP_EOL;
			file_put_contents(ROOT_PATH.'log/pay_log.txt', $log,FILE_APPEND | LOCK_EX);
		}

	}
}
else
{
	echo("error");
	$log = '【'.date('Y-m-d H:i:s').'】['.$a_oid[$i].']后台验证错误'.PHP_EOL;
	file_put_contents(ROOT_PATH.'log/pay_log.txt', $log,FILE_APPEND | LOCK_EX);
}

function payease_md5($key, $data)
{
	if (extension_loaded('mhash'))
	{
		return bin2hex(mhash(MHASH_MD5, $data, $key));
	}

	// RFC 2104 HMAC implementation for php. Hacked by Lance Rushing
	$b = 64;
	if (strlen($key) > $b)
	{
		$key = pack('H*', md5($key));
	}
	$key  = str_pad($key, $b, chr(0x00));
	$ipad = str_pad('', $b, chr(0x36));
	$opad = str_pad('', $b, chr(0x5c));

	$k_ipad = $key ^ $ipad;
	$k_opad = $key ^ $opad;

	return md5($k_opad . pack('H*', md5($k_ipad . $data)));
}


?>